SSO for DNN websites - single-sign-on

My requirement is this:
I have a DNN website www.websiteA.com.
I want to build www.websiteB.com and www.websiteC.com on the same DNN installation. www.websiteB.com and www.websiteC.com should allow users of www.websiteA.com to login with the same username and password.
When a user logs in to www.websiteA.com, and then navigates to www.websiteB.com or www.websiteC.com, they shouldn’t have to login again as they are already logged in to the main website.
I found modules that will let me share users between these websites, such that they can login to any of the three websites using the same credentials.
However, I cannot find a way to login a user to all websites simultaneously, so that the user does not have to login again.
I would prefer to do this without modifying the DNN source too much. Since all three websites are on the same DNN installation, I was hoping there would be a way to share authentication cookies, but I haven't found any yet.
Can anyone provide me more direction in this matter? Thanks!

I did this exact thing for two clients using the Site Groups feature but it required the caveat as in the above comments. You must use child aliases for your other portals so that they are all on the same domain. That is key so that the user's session cookie can be used across portals.
So this is how I setup the portal aliases:
websiteA = portal 0, alias websiteA.com (Primary)
websiteB = portal 1, alias websiteA.com/b (Primary) and alias websiteB.com redirect alias
websiteC = portal 2, alias websiteA.com/c (Primary) and alias websiteC.com redirect alias
The Site Groups user interface to manage the groups is an Evoq feature, but the backend is a core platform structure.
Here is how you would configure it without the UI in DNN Community:
Create a record in PortalGroups table:
MasterPortalID = 0, PortalGroupName = 'WebsiteA Group', AuthenticationDomain = 'websiteA.com'
Now update the PortalGroupID field in the Portals table:
WHERE PortalID = 0, SET PortalGroupID = -1
WHERE PortalID = 1, SET PortalGroupID = 1 (assuming the new PortalGroupID you added was 1)
WHERE PortalID = 2, SET PortalGroupID = 1

Another thing you could do is write your own custom DNN Authentication Provider (http://www.dnnsoftware.com/community-blog/cid/134678/dotnetnuke-tips-and-tricks-12-creating-your-own-authentication-provider).
Then, just have the authentication provider check an authentication cookie on the user's system. If the cookie is valid (and not expired), you can automatically log them in. Otherwise, redirect them to the main login screen. I did this, but the other site was a Java based dashboard.
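The cookie check that answer describes, written out as an added example (not code from the original post, nor from DNN): the main portal issues an HMAC-signed cookie with an expiry for the shared domain, and the custom provider either accepts it or sends the user to the main login page. The `username|expiry|mac` format, the helper names and the secret are assumptions.

```python
import hmac
import hashlib
import time

# Shared by every portal on the same installation. Assumption: in a real
# deployment this lives in protected configuration, not in source code.
SHARED_SECRET = b"constructed-example-secret"

def issue_sso_cookie(username, ttl_seconds, now=None):
    """Value the main portal sets for Domain=.websiteA.com (also Secure + HttpOnly)."""
    now = int(time.time()) if now is None else now
    payload = "%s|%d" % (username, now + ttl_seconds)
    mac = hmac.new(SHARED_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return "%s|%s" % (payload, mac)

def verify_sso_cookie(cookie, now=None):
    """Return the username if the cookie is intact and unexpired, otherwise None."""
    now = int(time.time()) if now is None else now
    payload, sep, mac = cookie.rpartition("|")
    if not sep:
        return None
    username, sep2, expiry_str = payload.rpartition("|")
    if not sep2 or not expiry_str.isdigit():
        return None
    expected = hmac.new(SHARED_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    # Check integrity before anything else, in constant time: a plain == would
    # let an attacker learn the MAC one byte at a time.
    if not hmac.compare_digest(expected, mac):
        return None
    # Only trust the expiry after the MAC has been verified.
    if int(expiry_str) <= now:
        return None
    return username

def provider_decision(cookie_value, now=None, login_url="https://websiteA.com/login"):
    """What the custom provider does per request: auto-login on a good cookie, else redirect."""
    user = verify_sso_cookie(cookie_value, now) if cookie_value else None
    return ("login", user) if user else ("redirect", login_url)
```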

Related

Where else can I find alternate login URL aside from $CFG->alternateloginurl

I'm currently troubleshooting a login issue for a deployed Moodle. Login page uses an alternate page which I have managed to identify. The alternate page considers everything except successful login as invalid or expired login or password.
Since some correct logins and passwords are also getting the same issue, I am trying to restore the Moodle instance to use its default login page but did not find any $CFG->alternateloginurl configuration set in moodle.php. Kindly please provide any pointers you can think of on where to look next to restore the login page.
PS: I've also searched within the active theme, and there has not been any code changes. Uses a variant of Moove
Thank you
Rest assured that it's a common issue
https://docs.moodle.org/401/en/Managing_authentication#Alternate_login_URL
There is an entry in the database
SELECT *
FROM mdl_config
WHERE name = 'alternateloginurl'
Note the value, just in case, then blank it out
UPDATE mdl_config
SET value = ''
WHERE name = 'alternateloginurl'
Then purge the cache to update Moodle
php admin/cli/purge_caches.php
When you do manage to log in, check which other authentication methods are active via
Site administration > Plugins > Authentication > Manage authentication
https://docs.moodle.org/401/en/Managing_authentication
The default methods are manual and email self registration
Although self registration is disabled by default in the settings on the same page (registerauth)

Possible to read logged-on user's account name?

I'm developing my first Metro app using XAML. The app is for our company intranet use only. I have these questions -
Is it possible to retrieve the account name (domain\username) of the current logged in user? Do I need to use a WinRT component for this? I looked up Windows.Security.Authentication namespace and only Web and OnlineId are available.
I'm using the WebView control to navigate to a secure URL. If I open this URL in a browser, I do not get any prompts (since my machine is joined to the domain), but if I open the URL in a WebView, I get the username & password prompt. Is there a way to get rid of it?
Update - I was able to solve #2 question by enabling Enterprise Authentication in the Capabilities tab of the Package.appxmanifest file.
For No. 1:
Please use the Windows.System.UserProfile.UserInformation class to get all relevant information
GetDisplayNameAsync()
GetDomainNameAsync()
GetPrincipalNameAsync()
e.g. to get the display name
    // NameAccessAllowed is false when privacy settings or policy block access to the user's name
    if (UserInformation.NameAccessAllowed)
    {
        string player = await UserInformation.GetDisplayNameAsync();
    }

Using omniauth to facebook connect existing user with different permissions

I'm using devise/omniauth to do facebook authentication and it works great. However, I would like to add a flow where an existing (non-facebook) user has the ability to connect his account with facebook. This would require different facebook permissions. So I can't seem to find two things:
how to use devise/omniauth to request facebook connect without logging out current user
request different extended permissions from user (different from those specified in the devise configuration file)
any ideas? thanks
Answer to 1 is pretty easy: just add an if path into the omniauth_callbacks_controller::process_callback method like this
    # If a user is signed in then he is trying to link a new account
    if user_signed_in?
      if authentication.persisted? # This was a linking operation so send back the user to the account edit page
        flash[:success] = I18n.t "controllers.omniauth_callbacks.process_callback.success.link_account",
                                 :provider => registration_hash[:provider].capitalize,
                                 :account => registration_hash[:email]
      else
        flash[:error] = I18n.t "controllers.omniauth_callbacks.process_callback.error.link_account",
                               :provider => registration_hash[:provider].capitalize,
                               :account => registration_hash[:email],
                               :errors => authentication.errors
      end
      redirect_to edit_user_account_path(current_user)
    end
This is what I do in my application and it works fine.
Regarding question 2 I do not know how to support 2 different facebook authentication configurations, however I have a hard time seeing how that is useful to users since they need a consistent experience across both paths: "sign in using facebook" and "link your account to facebook".
(If you still want to pursue this path one idea I would explore is to create a new facebook application with its independent keys and configuration...)
Hope this helps.
One simple way to implement multi-tier permissions is to use the Facebook Javascript SDK (in addition to omniauth, if you want). You can simply specify a different "scope" parameter, which specifies the permissions required, at each call you want. What I'm doing is making omniauth provide a basic set of permissions, then, after the user has connected through omniauth (and thus stored their data in our DB), if further permissions are needed, we show them JS-based buttons which provide expanded sets of permissions. If you want to check what particular permissions a user has granted to you, you can simply use the me/permissions API call.

Google Data/OAuth/AppEngine/Python - Properly Registering a Web Application

I'm creating a webapp with this combination of tools. I'm authenticating with App Engine in the following manner:
    # Imports added for completeness; getHost, Session, APP_NAME, TOKENSECRETKEY and the
    # _Google* constants are defined elsewhere in the asker's application.
    from google.appengine.ext import webapp
    import gdata.alt.appengine
    import gdata.auth
    import gdata.docs.service

    class googleLogin(webapp.RequestHandler):
        def get(self):
            callbackURL = 'http://%s/googleLoginCallback' % getHost()
            # Create a client service
            gdClient = gdata.docs.service.DocsService()
            gdata.alt.appengine.run_on_appengine(gdClient)
            gdClient.SetOAuthInputParameters(gdata.auth.OAuthSignatureMethod.HMAC_SHA1,
                                             _GoogleConsumerKey,
                                             consumer_secret=_GoogleConsumerSecret)
            # Get a Request Token
            requestToken = gdClient.FetchOAuthRequestToken(scopes=_GoogleDataScope,
                                                           extra_parameters={'xoauth_displayname': APP_NAME})
            # Persist token secret
            self.session = Session()
            self.session[TOKENSECRETKEY] = requestToken.secret
            gdClient.auto_set_current_token = True
            gdClient.SetOAuthToken(requestToken)
            authUrl = gdClient.GenerateOAuthAuthorizationURL(callback_url=callbackURL)
            self.redirect(authUrl)
I authenticated my domain with Google at https://www.google.com/accounts/ManageDomain, entering a target URL and am using the given Consumer Key/Secret. For instance, if my domain was 'juno.appspot.com', I am using http://juno.appspot.com as the target url path prefix.
The process is working; however, Google presents this message to the user in a yellow security box:
"The application that directed you here claims to be 'xxxxxx'. We are unable to verify this claim as the application runs on your computer, as opposed to a website. We recommend that you deny access unless you trust the application."
I don't think I should be getting this error, since my server is getting the request token and creating the authorization URL. Does anyone have any insight on how to get rid of this warning?
Google's domain registration has an option to upload a certificate, but I shouldn't need to do that because I'm using OAuth with the HMAC_SHA1 signature method.
Also, not that it should matter, but I'm doing all this through a UIWebView on the iPhone. I'm specifically trying to do all authentication server-side to avoid exposing my Consumer Key/Secret.
Thank you for any tips :)
Solved.
The culprit is this line from above:
extra_parameters={'xoauth_displayname': APP_NAME})
Setting this value for a registered application intentionally triggers a warning to users, as indicated by the Google documentation:
xoauth_displayname: (optional) String identifying the application. This string is displayed to end users on Google's authorization confirmation page. For registered applications, the value of this parameter overrides the name set during registration and also triggers a message to the user that the identity can't be verified. For unregistered applications, this parameter enables them to specify an application name. In the case of unregistered applications, if this parameter is not set, Google identifies the application using the URL value of oauth_callback; if neither parameter is set, Google uses the string "anonymous".
Removing this line no longer allows me to use a 'nice' name in place of the domain, but it gets rid of that annoying yellow box :)
I'm not sure exactly where the issue may be in your code, but I've got a one page oauth/appengine/gdata example which may at least set you in the right direction. Have you tried to navigate to the site directly from the iPhone/desktop browser to see what message is delivered?
Hope it helps.
Alternatively, is it possibly to do with the user agent the UIWebView sets?

vBulletin login from subdomain

I have a rather special need to log in to vBulletin not from the forum directly. I looked through topics by searching "vbulletin login", but found nothing.
So here's the structure.
domain.com - main site, access is restricted by ip range
domain.com/forum/ - vB with cookie's host set to .domain.com, of course it's also restricted by ip
extra.domain.com - secondary site which is available to almost anyone ('almost' includes users of vB created manually via ACP)
As for now users already authenticated at domain.com/forum/ are recognized both at domain.com and at extra.domain.com.
So the problem is to login from extra.domain.com to domain.com/forum/
However I can't just post entered usernames and passwords to the forum because of the ip restriction. As I get it, there should be some wrapper, which will do all the login procedure via cURL or somehow, get all the cookies and then return them to the user.
First of all, please tell me if I'm on the right track in my thoughts? Also are there any other ways to complete the task without having to spend hours with an HTTP sniffer? I mean are there any SOAP plugins for vB auth from trusted domains? Forum version is 4.0.8
Does the code on the secondary site have access to the vBulletin code & database? If so, you can handle vBulletin logins in PHP like so:
    <?php
    // Bootstrap vBulletin so its database, session and login helpers are available
    chdir('/directory/where/vbulletin/is');
    require_once('global.php');
    require_once(DIR . '/includes/functions_login.php');

    // Check for too many login attempts
    $strikes = verify_strike_status($username, TRUE);
    if ($strikes === FALSE || $strikes >= 5) {
        // TODO: Your error handling here
    }

    // Attempt authentication
    if (!verify_authentication($username, $password, '', '', TRUE, TRUE)) {
        exec_strike_user($username);
        // TODO: Handle bad username & password here
    }

    // Clear records of previous bad logins
    exec_unstrike_user($username);

    // Create a new session
    process_new_login('', TRUE, '');
The code above should work with vBulletin 3.8.x, but from what I remember of 4.x it shouldn't take much tweaking to make it work with 4.0.8.
Set the 5th parameter to verify_authentication to false if you wish to make the login non-persistent (like not checking "Remember Me" on login).